Previous

Next

Summary and knowledge check

Completed

In this module, you learned about how Microsoft Online Services procure, monitor, and manage subprocessors to help protect data from unauthorized access and inappropriate use.

Now that you have completed this module, you should be able to:

• Explain how the Supplier Security and Privacy Assurance (SSPA) program helps Microsoft online services protect customer data and personal data.
• List the types of subprocessors utilized by Microsoft and the access controls employed by each type.
• Describe how the additional subprocessor requirements of Microsoft's business units limit the number of approved subprocessors and provide an extra layer of protection.
• List subprocessor onboarding and ongoing subprocessor verification requirements required by the SSPA program.
• Describe Microsoft commitments to protecting customer data and personal data when a supplier contract ends.

Check your knowledge

1.

What type of subprocessor is used to deliver services to help support, operate, and maintain Microsoft Online Services?

Technology subprocessors

Ancillary subprocessors

Contract Staff

2.

Which statement about Microsoft 365 subprocessor monitoring is accurate?

All subprocessors require an annual attestation of compliance to applicable controls in the DPR.

All subprocessors require an annual audit by a certified audit authority.

Microsoft provides customer notice six months in advance of providing a subprocessor with access to Personal Data as part of contracted work.

3.

At the end of an engagement with Microsoft, how long does the subprocessor have to completely return or destroy all data?

Seven days from the end of the engagement

30 days from the end of the engagement

Immediately upon request but not to exceed 24 hours

You must answer all questions before checking your work.

Continue